Sometime it’s useful to do an assessment of what’s online on your network, probably you think to know every server and service running, but I had more than one surprise in the past, with “test server just plugged in for a short time”, “New test service” or worst, hacked machine that exposed “new service”.
Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment. Scanning procedures, such as ping sweeps and port scans, return information about which IP addresses map to live host and the active ports on every server.
Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.
Angry IP Scanner, is written in Java, and present in many distributions, also in backtrack allows you to scan an IP range to see which IP are active or not.
Very easy to use, thanks to a convenient graphical interface.
Angry IP Scanner implements several different methods of detecting alive hosts (pinging).
As a rule, if hosts don’t respond to pings, they are considered dead and therefore not scanned further. This behavior can be changed in the Preferences dialog, Scanning tab. In the same place you can also select the pinging method.
So in general the methos are:
ICMP ECHO [ping]
ICMP ECHO [alternative]
This pinging method is preferred when you don’t have administrative privileges. Angry IP Scanner will detect the absence of privileges and use this method automatically.
The method works by sending out UDP packets to some UDP port very unlikely to be open. If the port is closed, the host must send the ICMP packet back informing of the fact. If the packet is reseived, Angry IP Scanner knows that the host is actually alive and records the roundtrip time. No response can mean that the UDP port is open (very unlikely) or the host is dead.
TCP port probe
This method tries to connect to some TCP port that is unlikely to be filtered (e.g. 80). If either the connection can be established or TCP RST packet is received (meaning that port is closed), Angry IP Scanner knows that host actually responds and can be considered as alive. If the port is filtered (no response to connection attempt), then the host is considered to be dead.
AutoScan-Network is a network scanner (discovering and managing application). No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.
Much more useful than Angry IP Scanner this tool can find for the host his services and operating system.
- Fast network scanner
- Automatic network discovery
- TCP/IP scanner
- Wake on lan functionality
- Multi-threaded Scanner
- Port scanner
- Low surcharge on the network
- VNC Client
- Telnet Client
- SNMP scanner
- Simultaneous subnetworks scans without human intervention
- Realtime detection of any connected equipment
- Supervision of any equipment (router, server, firewall…)
- Supervision of any network service (smtp, http, pop, …)
- Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database
- The graphical interface can connect one or more scanner agents (local or remote)
- Scanner agents could be deployed all over the network to scan through any type of equipment (router, NAT, etc)
- Network Intruders detection (in intruders detection mode, all new equipments blacklisted)
- Complete network tree can be saved in a XML file.
- Privileged account is not required
Umit is a user-friendly graphical interface to Nmap that lets you perform network port scanning.
Umit was designed to accomodate and run more than one scan at time. Each scan is executed and shown inside a Scan Tab, which has a title and organize every information obtained in the scan result.
The Scan Tab tries to facilitate your life, by making the information easier to navigate and search for a given information. Usually, if you wanted to scan an entire network using Nmap, you would have to open up your favorite terminal, type an entire Nmap command, like this one:
nmap -A -F -n -T4 192.168.1.1-254
and when it finally finishes you’ll end up with a bunch of lines in the terminal that can hardly be searched and read. If your goal was to know which of the 200 hosts found are serving ssh, what were you going to do? Maybe it won’t seen impossible for you, (and it’s not) but surely it’s a boring task that gets worst when you have to do that more than once.
An answer to your problem is Umit, that can handle this task easily, with just a couple of clicks.
So, if you’re wondering if you should retire the command line, I would say NO!. The Nmap’s command interface is very useful when you want to scan a few hosts, and skim the result quickly to make a decision. Every good network administrator know how useful is it to simply call:
to know which services are up, for example. If you’re at the command line, you won’t want to open a graphical application to do so, if you can quickly pull off your doubt about what is up or down from were you stand.
Umit is intended to help you manage your network, by giving you a better way to examine carefully your network peers. If your intention is to know better your network, then Umit is what you need.